We’ve talked a lot in previous blogs about how the Storj platform’s edge-based delegated authorization model for access control enables developers to create more secure and private applications. With the significant increase in the number and severity of ransomware attacks, especially over the last 18 months, we’ve seen a lot of interest in how Storj DCS can provide a more substantial level of security and privacy.
While many may assume a ransomware attack threatens to expose sensitive information, most commonly, it’s the reverse. Critical information is encrypted (or re-encrypted) by malicious actors using keys that only the attackers possess. Unless the ransom gets paid, the critical information—health care records, operating information for electrical systems, banking records—is left in an encrypted and unusable form.
Rise of Ransomware
The vulnerability to ransomware attacks is exacerbated by many factors, including an increased threat surface due to pandemic-related remote work, increasingly sophisticated software supply-chain attacks, and state-sponsored activity. Cloud storage, and offsite backups of critical data in particular, are specifically targeted to ensure victims don’t have an avenue for a swift recovery. Conversely, one of the best defenses against this type of ransomware attack is having a regular system of backups resistant to malicious corruption or re-encryption.
How Ransomware Attacks Target Cloud Storage
Most ransomware attacks target the software and data on private networks, but data and applications running in the cloud aren’t immune. When it comes to cloud storage, the most common attack vectors fall into one of two categories:
- Infrastructure-based attacks that compromise hardware operated by cloud providers.
- Credential-based attacks where an attacker gains control of credentials to a storage environment by compromising a device with embedded credentials or a drive mounted against a cloud storage repository.
Decentralized networks are incredibly resistant to infrastructure-based attacks. For example, attacking the Storage Nodes storing the data on the Storj network would require an attacker to identify and concurrently disable 52 or more Storage Nodes out of over 13,000 globally distributed Nodes on the network, operated by different people, in different places, with different network providers. All the while, the Satellites are auditing those Nodes and repairing data as Nodes fail. With Storj DCS, there is no single server or environment whose compromise would result in the loss of data availability.
Common Approach
Many approaches have been tried to minimize the impact of ransomware attacks. Merely encrypting data at rest has proven to be inadequate as data is simply re-encrypted. Some cloud vendors have offered solutions for immutability based on locking a bucket with centralized user-based access management. While these tools can be effective, they rely on broad-scope, coarse controls that lock down data at the bucket level. Additionally, providers like AWS require complex authorization policies authored in JSON designed to interoperate with Amazon’s separate IAM (Identity and Access Management) capabilities.
Frequently, businesses need greater flexibility to achieve a more granular level of access and wish to avoid the complexity and cost associated with integrating, supporting, and maintaining additional components.
Decentralized Storage Approach to Ransomware Resistance
Data stored on a distributed and decentralized network like Storj DCS benefits from fundamental architectural decisions that come with storing data on a network of thousands of storage nodes operated in a zero-trust environment. The underlying assumption is that the security and privacy of stored data must be protected from the very infrastructure on which it is stored.
The capabilities of the software required to deliver that level of security and privacy to users storing data include default data and metadata encryption, erasure coding of encrypted data, distribution of the erasure coded pieces to diverse Nodes, granular levels of authorization, a separation of authorization from encryption, and delegation of authorization/encryption management to the edge. The very capabilities required to store data securely and privately on a decentralized network (at all) have been exposed to developers as features to build an increased level of privacy and security into their applications.
Storj DCS uses a construct called an Access Grant containing an API Key, an Encryption store, and the address of the Satellite storing the object metadata to manage access to objects stored on the service—everything an application needs to locate an object on the network, access that object, and decrypt it. The key benefit of this approach is that these Access Grants and any associated restrictions can be entirely managed client-side, without a central Access Control List or other server-side mechanism involved in the access management process. We call this delegated authorization.
It’s easy for developers to use delegated authority to create access grants that have usage restrictions encoded into them so that an application using the grants can only add new data to a particular path but not overwrite or delete data. This approach prevents an application from performing the actions on data required for a successful ransomware attack - without the need for any other complicated access policies or additional software. There is also no way to remove those restrictions or escalate the privileges of the credential - valid credentials are cryptographically verifiable.
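The following added example (not Storj code, and not the Access Grant wire format) sketches how restrictions can be attached client-side yet not be removable. It assumes a macaroon-style HMAC chain; the caveat syntax (`prefix=`, `deny=`), action names, key and paths are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def _chain(sig: bytes, text: str) -> bytes:
    # Each step keys the HMAC with the previous signature, so it is one-way.
    return hmac.new(sig, text.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, key_id: str) -> dict:
    """Service side: issue an unrestricted credential bound to root_key."""
    return {"id": key_id, "caveats": [], "sig": _chain(root_key, key_id)}

def restrict(grant: dict, caveat: str) -> dict:
    """Client side: add a restriction offline, using only the grant itself."""
    return {"id": grant["id"], "caveats": grant["caveats"] + [caveat],
            "sig": _chain(grant["sig"], caveat)}

def _permits(caveat: str, action: str, path: str) -> bool:
    kind, _, value = caveat.partition("=")
    if kind == "deny":
        return action not in value.split(",")
    if kind == "prefix":
        return path.startswith(value)
    return False  # unknown restriction: fail closed

def authorize(root_key: bytes, grant: dict, action: str, path: str) -> bool:
    """Service side: recompute the chain, then enforce every caveat."""
    sig = _chain(root_key, grant["id"])
    for caveat in grant["caveats"]:
        sig = _chain(sig, caveat)
    if not hmac.compare_digest(sig, grant["sig"]):
        return False  # caveats were edited or stripped
    return all(_permits(c, action, path) for c in grant["caveats"])

# Constructed sample values (assumptions, not real credentials).
ROOT_KEY = b"constructed-demo-root-key"
FULL = mint(ROOT_KEY, "backup-agent")
APPEND_ONLY = restrict(restrict(FULL, "prefix=backups/"),
                       "deny=overwrite,delete")
# A holder of APPEND_ONLY who drops the last caveat cannot fix up the signature.
STRIPPED = dict(APPEND_ONLY, caveats=APPEND_ONLY["caveats"][:1])

if __name__ == "__main__":
    for name, grant in (("append-only", APPEND_ONLY), ("stripped", STRIPPED)):
        for action in ("upload", "overwrite", "delete"):
            ok = authorize(ROOT_KEY, grant, action, "backups/2024-01-01.tar")
            print(f"{name:12} {action:10} {'allow' if ok else 'deny'}")
```

Because each signature is an HMAC keyed by the previous one, a device holding only the append-only credential cannot recompute the signature of the less restricted credential it was derived from.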
Maximize Security with Minimal Complexity
All cloud providers give tools to developers to make their applications more resistant to security threats such as ransomware attacks. Storj DCS provides tools that enable developers to secure their data with minimal complexity. By reducing the steps and components required to secure data on the network, and providing easy-to-use tools enabling developers to build more secure and private applications, we reduce the likelihood and impact of incidents such as ransomware attacks and enhance data privacy for users of those applications.